﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;

namespace BusinessLayer
{
    public class User
    {
        private string _personId, _userName;
        private int _admin;

        public string PersonId { get { return this._personId; } set { this._personId = value; } }
        public string UserName { get { return this._userName; } set { this._userName = value; } }
        public int Admin { get { return this._admin; } set { this._admin = (int)value; } }


       
        public static User verifyUser(string userN, string pass)
        {
            string slt = "";
            User newUser = new User();
            string sql = "SELECT Salt FROM USERS WHERE Username=@userName";
            SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["connectionString"].ConnectionString);
            SqlCommand cmd = new SqlCommand(sql, con);
            cmd.Parameters.Add(new SqlParameter("userName", userN));
            try
            {
                con.Open();
                SqlDataReader dar = cmd.ExecuteReader();
                if (dar.Read())
                {
                    slt = dar["Salt"] as string;
                }
            }
            catch (Exception er)
            {
                throw er;
            }
            finally
            {
                con.Close();

                string sql2 = "SELECT * FROM USERS WHERE Username=@userName AND Password=@pass";
                SqlConnection con2 = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["connectionString"].ConnectionString);
                SqlCommand cmd2 = new SqlCommand(sql2, con2);
                cmd2.Parameters.Add(new SqlParameter("userName", userN));
                cmd2.Parameters.Add(new SqlParameter("pass", Settings.SecureString(slt + pass)));

                try
                {
                    con2.Open();
                    SqlDataReader dar2 = cmd2.ExecuteReader();
                    if (dar2.Read())
                    {
                        newUser.UserName = dar2["Username"] as string;
                        newUser.PersonId = dar2["PersonId"] as string;
                        newUser.Admin = Convert.ToInt32(dar2["isAdmin"]);                        
                    }
                }
                catch (Exception er)
                {
                    throw er;
                }
                finally
                {
                    con2.Close();
                }                
            }

            return newUser;           
        }

        public static void addUser(string first, string last, string address, int category, string telno, string userN, string pass, string persID, int admin)
        {
            //string sql1 = "INSERT INTO BORROWER(PersonId, FirstName, LastName, Address, CategoryId, TelNo) VALUES(@personid, @firstname, @lastname, @address, @category, @telno); ";

            BusinessLayer.Borrower.AddBorrower(persID, first, last, address, telno, category);

            string sql = "INSERT INTO USERS(Username, Password, Salt, isAdmin, PersonId) VALUES(@username, @password, @salt, @admin, @personid)";

            SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["connectionString"].ConnectionString);
            SqlCommand cmd = new SqlCommand(sql, con);

            cmd.Parameters.Add(new SqlParameter("personid", persID));
            //cmd.Parameters.Add(new SqlParameter("firstname", first));
            //cmd.Parameters.Add(new SqlParameter("lastname", last));
            //cmd.Parameters.Add(new SqlParameter("address", address));
            //cmd.Parameters.Add(new SqlParameter("category", category));
            //cmd.Parameters.Add(new SqlParameter("telno", telno));
            string salt = Settings.GenerateSalt();
            cmd.Parameters.Add(new SqlParameter("username", userN));
            cmd.Parameters.Add(new SqlParameter("salt", salt));
            cmd.Parameters.Add(new SqlParameter("password", Settings.SecureString(salt + pass)));
            cmd.Parameters.Add(new SqlParameter("admin", admin));

            try
            {
                con.Open();
                SqlDataReader dar = cmd.ExecuteReader();
            }
            catch (Exception er)
            {
                throw er;
            }
            finally
            {
                con.Close();
            }
        }
        public static void ModUser(string Username, string Password, string PersonId, int isAdmin)
        {
            string sql = "UPDATE dbo.USERS SET Username=@Username, Password=@Password, Salt=@Salt, isAdmin=@isAdmin WHERE PersonId=@PersonId";
            string Salt = BusinessLayer.Settings.GenerateSalt();


            SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["connectionString"].ConnectionString);
            SqlCommand cmd = new SqlCommand(sql, con);

            
            cmd.Parameters.Add(new SqlParameter("Username", Username));
            cmd.Parameters.Add(new SqlParameter("Salt",Salt));
            cmd.Parameters.Add(new SqlParameter("Password", Settings.SecureString(Salt + Password)));
            cmd.Parameters.Add(new SqlParameter("isAdmin", isAdmin));

            try
            {
                con.Open();
                SqlDataReader dar = cmd.ExecuteReader();
            }
            catch (Exception er)
            {
                throw er;
            }
            finally
            {
                con.Close();
            }
        
        
        }

        public static void DeleteUser(string PersonId)
        {
            BusinessLayer.Borrower.RemoveBorrower(PersonId);
        }

       
    }
}
